3 ;;; Peers description file
5 ;;; New installations will clobber this file. Therefore you're best off not
6 ;;; editing this file directly; instead, drop a file containing your
7 ;;; overridden settings alongside.
9 ;;;--------------------------------------------------------------------------
12 ;;; The paramaters here affect all peer definitions. It mainly contains
13 ;;; information about the local site. You will need to customize it.
17 ;; domain: the domain name for your VPN; used to form default tunnel
19 domain = vpn.example.com
21 ;; myhost: my (internal) host name; used by the default laddr.
24 ;; laddr: the local address for point-to-point interfaces.
25 laddr = $[$(myhost).$(domain)]
27 ;; raddr: the remote address for point-to-point interfaces.
28 raddr = $[$(name).$(domain)]
30 ;; ifname: the name to set on point-to-point interfaces.
33 ;; ifup: script to set up a tunnel interface ready for use. The installed
34 ;; script is good for Linux hosts.
35 ifup = /usr/sbin/tripe-ifup
37 ;; every: interval for checking that this connection is alive.
40 ;; timeout: how long to wait for a ping response before giving up.
43 ;; retries: how many ping attempts to make before declaring the connection
47 ;;;--------------------------------------------------------------------------
48 ;;; Active-peers defaults.
50 ;;; The parameters here affect both active and dynamic connections. The
51 ;;; defaults should be good for most sites, though you may wish to add extra
57 ;; port: the port on which the peer's tripe(8) daemon is running. The
58 ;; default is the port officially allocated by IANA.
61 ;; host: the external host name (or dotted-quad IP address) of the host
62 ;; running tripe(8). This should be overridden explicitly in each peer
66 ;; peer: the address specification (see tripe-admin(5)) to use to connect to
68 peer = INET $[$(host)] $(port)
70 ;;;--------------------------------------------------------------------------
71 ;;; Dynamic-peers defaults.
73 ;;; The parameters here affect peers to whom dynamic connections are made.
74 ;;; The user and connect parameters probably need customizing.
79 ;; cork: whether to wait for a key-exchange packet from the peer before
80 ;; sending one of our own.
83 ;; ssh-user: user to connect as; used by the connect parameter.
86 ;; connect: shell command to use to wake up the remote peer and establish the
88 connect = ssh -q $(ssh-user)@$[$(host)]
90 ;; keepalive: how often to send NOP packets to keep the connection alive, at
91 ;; least in the minds of intermediate stateful firewalls and NAT routers.
94 ;; watch: whether to watch this connection and retry it if it drops.
97 ;;;--------------------------------------------------------------------------
98 ;;; Passive-peers defaults.
100 ;;; The parameters here affect passive peers, i.e., those to whom dynamic
101 ;;; connections are made. The dynamic connection protocol establishes most
102 ;;; of the parameters and these defaults are probably pretty good.
107 ;; peer: mark this entry as being a passive peer.
110 ;; mobile: mark this peer as likely to change its external address without
114 ;; user: the string which the dynamic peer's connect command will present to
115 ;; the CONNECT service.
118 ;; watch: whether to watch this connection and drop it if it dies.
121 ;;;----- That's all, folks --------------------------------------------------